System for performing remote operation between firewall-equipped networks or devices

ABSTRACT

A remote operation system is disclosed for use in a network environment in which a unit that provides remote operation services through networks and a unit that receives those services are each safeguarded by a firewall from an external network. The remote operation service receiving unit sets up a connection A with the firewall installed on the remote operation service providing unit side and transmits security check information to that firewall. The firewall checks this security check information and, when it is determined that the information has been sent from a contract user's unit, sets up a connection B with the remote operation service providing unit via its associated internal network. Thereby, information used for remote operation can be transmitted between the two units over a logical path composed of the connections A and B.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] This invention relates to a remote maintenance and remote operation system in which a servicing device connected to an intracompany network of a service providing company performs maintenance and management on a device connected to a user-side network over an open external network, such as the Internet, through remote operation, and more specifically to a remote maintenance and remote operation system for use with network systems each of which is protected by a firewall from the other.

[0003] 2. Description of the Related Art

[0004] Nowadays a system is being practiced actively which performs maintenance and management on users' devices through remote operation over networks in order to save the expense and time of business trips.

[0005] Also, an attempt is being made to adopt a system which employs the Internet as a network for remote operation. The Internet is the worldwide network which permits free communications with unspecified persons around the world. Thus, the employment of the Internet will permit global remote maintenance service.

[0006] Incidentally, the Internet has a problem of security because it is an open network. In particular, if an intracompany network of a company is connected to the Internet so that all of the host computers connected to that network are made accessible to outsiders over the Internet, then the company will be exposed to the dangers that important internal information which must be kept confidential may be stolen, the system may be crashed, data may be altered, and the like.

[0007] For this reason, a “firewall” has recently come to be provided between the Internet and an intracompany network. The firewall is a facility for protecting the intracompany network from hackers. In general, firewalls are roughly classified into packet filtering gateways, circuit gateways, and application gateways.

[0008] FIG. 1 is a schematic illustration of a firewall that is equipped with the above-described packet filtering gateway feature and installed between an external network (Internet) 1 and an internal network (intracompany network) 2. In this figure, IP address filtering and TCP port filtering are illustrated by way of example.

[0009] Communications are made over the Internet on the basis of the TCP/IP protocol, and IP datagram (IP packet) routing within the Internet is performed hop by hop, on a bucket brigade basis. The IP datagram carries an IP header; when the datagram carries a TCP segment, the TCP header follows the IP header at the start of the IP payload.

[0010] The IP header contains an IP destination address (receiving IP address in the figure) and an IP source address (transmitting IP address in the figure). An IP address comprises a network address part and a host address part.

[0011] The TCP header contains a receiving (destination) port number and a transmitting (source) port number. Port numbers identify the communicating processes at each end and are utilized for interprocess communications over the Internet. The firewall 3 is provided with an IP address table 32 and a port number table 34. Into the IP address table 32 is entered the set of IP addresses that is acceptable to the internal network 2. Into the port number table 34 is entered the set of port numbers that is acceptable to the internal network 2.

[0012] In IP address filtering, when a packet is received, reference is made to the IP address table 32. If the transmitting IP address placed in the IP header of that packet (IP datagram) has not been entered into that table, the IP datagram is rejected. In TCP port filtering, reference is made to the port number table 34 when an IP datagram (packet) is received. If the port number placed in the TCP header of that IP datagram has not been stored in the port number table 34, the datagram is rejected. In this way, specific applications, such as Telnet, FTP and the like, can be filtered out.
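The two-table check of paragraphs [0011] and [0012], as an added example (not code from the patent): a Python packet filter that parses the transmitting IP address from the IPv4 header and the receiving port from the TCP header of a raw datagram, then applies IP address filtering followed by TCP port filtering. The table contents, the addresses and the datagram builder are constructed for this example; the allowlist admits only HTTP/HTTPS, so a Telnet (port 23) packet is rejected as in the text. Unlike the text, the filter also rejects a datagram it cannot parse, which is the failure mode a filter must handle before it consults its tables.

```python
import ipaddress
import struct
from typing import Tuple

# Constructed table contents (the patent's IP address table 32 and port number table 34):
# only these transmitting addresses and receiving ports are acceptable to the internal network 2.
IP_ADDRESS_TABLE = [ipaddress.ip_network("203.0.113.0/24")]   # example: the service company's firewall range
PORT_NUMBER_TABLE = {80, 443}                                  # HTTP/HTTPS; Telnet (23) and FTP (21) are absent


def parse_ipv4_tcp(datagram: bytes) -> Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, int, int]:
    """Extract (transmitting IP, receiving IP, transmitting port, receiving port) from a raw datagram."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4                 # IP header length in bytes (options included)
    if ihl < 20 or datagram[9] != 6 or len(datagram) < ihl + 4:
        raise ValueError("not TCP, or header truncated")
    src_ip = ipaddress.IPv4Address(datagram[12:16])
    dst_ip = ipaddress.IPv4Address(datagram[16:20])
    src_port, dst_port = struct.unpack("!HH", datagram[ihl:ihl + 4])   # first two TCP header fields
    return src_ip, dst_ip, src_port, dst_port


def filter_packet(datagram: bytes) -> Tuple[bool, str]:
    """IP address filtering, then TCP port filtering; a datagram that cannot be parsed is rejected."""
    try:
        src_ip, _dst_ip, _src_port, dst_port = parse_ipv4_tcp(datagram)
    except ValueError as exc:
        return False, "rejected: " + str(exc)
    if not any(src_ip in net for net in IP_ADDRESS_TABLE):
        return False, "rejected: transmitting address %s not in IP address table" % src_ip
    if dst_port not in PORT_NUMBER_TABLE:
        return False, "rejected: receiving port %d not in port number table" % dst_port
    return True, "accepted"


def build_datagram(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed test input: a minimal IPv4 header (no options) followed by a TCP SYN header."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip_header + tcp_header   # checksums left at zero; the filter never reads them
```

The order follows the text: the address check runs first, so a datagram from an unlisted host is dropped before its port is examined. Because the tables are consulted per datagram, the filter is stateless; it cannot tell which host behind a permitted address actually sent the datagram, which is the problem paragraph [0022] raises.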

[0013] FIG. 2 is a diagram for use in explanation of a second feature of the firewall 3.

[0014] The firewall 3 is provided with a feature of accessing hosts on the external network 1 (e.g., the Internet) on behalf of hosts within the internal network 2, so that external hosts are not allowed to make direct access to the hosts within the internal network 2. In other words, access by hosts within the internal network 2 to the external network is always made through the firewall 3.

[0015] In the example shown in FIG. 2, an IP address of “E” is set up on the firewall 3. Also, “A”, “B”, “C” and “D” are set up on hosts A, B, C and D in the internal network 2 as their respective IP addresses. In such a system, for example, when the host B wants to transmit an IP datagram 12 to some host (external host) on the external network 1, the host B transmits the datagram 12 to the firewall 3, not to the external host directly. Since the IP address set up on the host B is “B” as described above, the transmitting IP address of the IP datagram 12 is “B”. Upon receipt of the IP datagram 12, the firewall 3 translates the original transmitting IP address “B” to its own IP address “E” for subsequent transmission over the external network 1.

[0016] Thus, if only the IP address of the firewall 3 is made open to the external network 1, the existence of the internal network will be kept hidden from the external network. This feature is also called the IP relay feature.

[0017] By installing the firewall 3, equipped with the packet filtering gateway feature described above, between the internal network 2 and the external network 1, improper IP datagrams that are going to enter the internal network 2 directly from the external network 1 can be blocked almost completely.
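The IP relay feature of paragraphs [0015] and [0016], as an added example that is not part of the patent: the firewall rewrites the transmitting IP address of an outbound datagram from internal host B to its own address E. The example goes beyond the text in one respect a working relay needs: it allocates a distinct transmitting port per outbound flow and keeps the reverse mapping, keyed on the external host and port as well, so that a reply addressed to E is returned to host B while a datagram for E that matches no flow the relay opened is dropped rather than forwarded inward. The addresses are the symbolic ones of FIG. 2 and the datagram class is constructed.

```python
import itertools
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IPDatagram:
    """Constructed model of the IP datagram 12 of FIG. 2: only the fields the relay reads or rewrites."""
    src: str        # transmitting IP address
    dst: str        # receiving IP address
    sport: int      # transmitting port
    dport: int      # receiving port
    payload: bytes = b""


class IPRelay:
    """Firewall 3 of FIG. 2: hosts A to D are reached from outside only through its own address E."""

    def __init__(self, public_addr: str = "E", first_port: int = 40000) -> None:
        self.public_addr = public_addr
        self._ports = itertools.count(first_port)
        self._outbound = {}   # (internal host, internal port, external host, external port) -> public port
        self._inbound = {}    # (public port, external host, external port) -> (internal host, internal port)

    def outbound(self, d: IPDatagram) -> IPDatagram:
        """Internal -> external: rewrite the transmitting address to E, reusing the mapping for a flow."""
        key = (d.src, d.sport, d.dst, d.dport)
        if key not in self._outbound:
            pub = next(self._ports)
            self._outbound[key] = pub
            self._inbound[(pub, d.dst, d.dport)] = (d.src, d.sport)
        return IPDatagram(self.public_addr, d.dst, self._outbound[key], d.dport, d.payload)

    def inbound(self, d: IPDatagram) -> Optional[IPDatagram]:
        """External -> internal: forward only a reply to a flow this relay opened; drop everything else."""
        if d.dst != self.public_addr:
            return None
        target = self._inbound.get((d.dport, d.src, d.sport))
        if target is None:
            return None   # unsolicited: no internal host asked this external host for this datagram
        host, port = target
        return IPDatagram(d.src, host, d.sport, port, d.payload)
```

The page says only that the firewall's address is the one made open to the external network. Keeping the reverse mapping per flow is what lets the relay admit replies without admitting anything else: an internal host that never sent anything remains unreachable, and the packet filtering of FIG. 1 still applies to whatever does pass.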

[0018] FIG. 3 shows a system in which internal networks 2A, 2B, 2C and 2D of respective A, B, C and D companies are connected to a commercial internet 5. In this system, each of the A, B, C and D companies installs a respective one of firewalls 3A, 3B, 3C and 3D between its own internal network 2A, 2B, 2C or 2D and the commercial internet 5 in order to protect its internal network from unauthorized access via the commercial internet 5.

[0019] Next, problems with such a system as shown in FIG. 3 will be described with reference to FIG. 4.

[0020] In FIG. 4, the A company is a company which provides maintenance and management services for pieces of software and hardware within a network that its client manages. Suppose that the client is the D company and the A company considers performing maintenance and management services for a serviced device 7 connected to the D company's network 2D using a servicing device 6 connected to its own network, by means of remote operation over the commercial internet 5.

[0021] In this case, when the IP address of the A company's firewall 3A has not been entered into the IP address table 32 in the D company's firewall 3D, even if the servicing device 6 transmits a packet for remote operation to the serviced device 7 of the D company, that packet is rejected by the firewall 3D and cannot enter the D company's internal network 2D. Thus, the A company cannot provide maintenance and management services for the serviced device of the D company.

[0022] If, on the other hand, the IP address of the A company's firewall 3A is entered into the IP address table 32 of the D company's firewall 3D, then the A company's servicing device 6 will be able to perform maintenance and management on the D company's serviced device 7 by remote operation. However, this will result in a problem of security. That is, in this case, since any host connected to the A company's internal network 2A, even a host other than the servicing device 6, can enter the D company's internal network, the possibility exists that the internal network 2D system of the D company may be destroyed and important information may be stolen. The reason is that the D company's firewall 3D cannot identify the source of packets sent from the A company's firewall 3A over the commercial internet 5: after the IP relay feature of FIG. 2 has been applied, every such packet carries the single transmitting IP address of the firewall 3A.

[0023] In the prior art, therefore, as shown schematically in FIG. 5, a direct point-to-point connection is made by a public line 8 or a private line between the A company's servicing device 6 and the D company's serviced device 7 for maintenance and management service for the latter. With such an approach, however, it is required that both the A and D companies prepare communications devices 9A and 9B dedicated to the direct point-to-point connection therebetween and a servicing environment. Undesirably this involves double investment by both companies, resulting in an increase in cost. In addition, in order to protect intracompany network security, it is necessary to carry out the troublesome work of disconnecting each of the servicing device 6 and the serviced device 7 from its associated intracompany network 2A or 2D at the start of service and connecting it again at the termination of service.

SUMMARY OF THE INVENTION

[0024] It is an object of the invention to enable remote operation between devices each of which is connected to its associated internal network equipped with a firewall.

[0025] The present invention is directed to a system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network, and a serviced unit connected to a second internal network in which a second firewall is installed for the external network, and wherein the servicing unit performs a remote operation on the serviced unit through the external network. In such a system, the serviced unit comprises: packet communications means for transmitting an identifier specifying the address of the servicing unit connected to the first internal network, setting up a connection with the servicing unit via the second firewall and the first firewall, and transmitting packets to or from the servicing unit over the connection; and remote operation execution means for fetching remote operation directive information from packets received by the packet communications means and performing a remote operation on the serviced unit as indicated by the remote operation directive information.

[0026] The serviced unit becomes able to transmit and receive packets used for remote operation to or from the servicing unit by first sending the identifier to the firewall on the servicing unit side and then setting up the connection with the servicing unit. Thus, the serviced unit can receive packets containing remote operation directive information from the servicing unit and perform an operation on itself as indicated by that directive information, thereby performing a remote operation.

BRIEF DESCRIPTION OF THE DRAWINGS

[0027] FIG. 1 is a diagram for use in explanation of the packet filtering gateway feature of a firewall;

[0028] FIG. 2 is a diagram for use in explanation of the IP address translation/relay feature which is a second feature of the firewall;

[0029] FIG. 3 shows a system in which each of the internal networks of A, B, C and D companies is connected by a firewall to a commercial internet;

[0030] FIG. 4 is a diagram for use in explanation of the reason why, in the system of FIG. 3, a servicing unit connected to the internal network of the A company cannot perform remote maintenance/operation on a serviced unit connected to the internal network of the D company;

[0031] FIG. 5 is a diagram for use in explanation of a prior art method by which, in the system of FIG. 3, the servicing unit connected to the internal network of the A company performs remote maintenance/operation on a serviced unit connected to the internal network of the D company;

[0032] FIG. 6 is a first diagram for use in explanation of the principles of the present invention;

[0033] FIG. 7 is a second diagram for use in explanation of the principles of the present invention;

[0034] FIG. 8 is a third diagram for use in explanation of the principles of the present invention;

[0035] FIG. 9 is a fourth diagram for use in explanation of the principles of the present invention;

[0036] FIG. 10 shows the entire configuration of a remote maintenance and operation system according to an embodiment of the present invention;

[0037] FIG. 11 is a diagram for use in explanation of the overall operation of the system of FIG. 10;

[0038] FIG. 12 shows an exemplary system configuration of the embodiment of FIG. 10;

[0039] FIG. 13 shows the configuration of the header of an IP datagram in a packet communicated between the service company network and the client company network in the system of FIG. 12;

[0040] FIG. 14 is a first diagram illustrating the contents of a packet communicated between the servicing unit and the client's serviced unit when the servicing unit performs remote maintenance/operation on the serviced unit in the system of FIG. 12;

[0041] FIG. 15 is a second diagram illustrating the contents of a packet communicated between the servicing unit and the client's serviced unit when the servicing unit performs remote maintenance/operation on the serviced unit in the system of FIG. 12;

[0042] FIG. 16 is a third diagram illustrating the contents of a packet communicated between the servicing unit and the client's serviced unit when the servicing unit performs remote maintenance/operation on the serviced unit in the system of FIG. 12;

[0043] FIG. 17 shows the format of a packet transferred between the servicing unit and the serviced unit during the operation shown in FIGS. 14, 15 and 16;

[0044] FIGS. 18A and 18B are diagrams for use in explanation of the formats of the respective packets shown in FIGS. 14 and 16;

[0045] FIG. 19 is an operating flowchart illustrating a process of relaying a packet (IP datagram) between the serviced unit and the servicing unit by the remote maintenance/operation central unit; and

[0046] FIG. 20 is an operating flowchart illustrating the IP relay feature of the remote maintenance/operation central unit, illustrated in the operating flowchart of FIG. 19, from a different point of view.

DESCRIPTION OF THE PREFERRED EMBODIMENT

[0047] Referring now to FIG. 6, which is a first diagram illustrating the principles of the present invention, a client's internal network 82 is connected by an external network 84 with a remote operation service providing company's internal network 86. Firewalls 83 and 85 are respectively installed in the internal networks 82 and 86 for the external network 84. An embodiment of the present invention supposes a remote operation service system in which a remote operation service is provided to a serviced unit 81 connected to the client internal network 82 by a servicing unit 87 connected to the remote operation service providing company's internal network 86.

[0048] The serviced unit 81 sets up a first connection with the second firewall 85 associated with the remote operation service providing company's internal network 86 via the client network 82 and the first firewall 83 associated with the network 82, and then communicates packets containing data for remote operation with the servicing unit 87 connected to the service company's internal network 86.

[0049] The second firewall 85 sets up a second connection with the servicing unit 87 via its associated internal network 86 after the first connection with the serviced unit 81 has been set up, and then relays packets to be transmitted between the serviced unit 81 and the servicing unit 87 using the first and second connections.

[0050] The servicing unit 87 transmits packets to or from the serviced unit 81 through the second firewall 85 over the second connection, to thereby provide a remote operation service for the serviced unit 81.

[0051] It should be noted here that the above-described first and second connections denote logical paths, not private lines.

[0052] The second firewall 85 is equipped with a validation section for validating whether or not the serviced unit 81 belongs to a user under contract, on the basis of the contents of data in packets transmitted from the serviced unit 81 over the first connection.

[0053] The serviced unit 81 is equipped with a validation section which, at the time of receipt of a packet produced by the servicing unit 87 and transferred from the second firewall 85 over the first connection, validates whether a remote operation executing command stored in that packet is valid or not.

[0054] The above-described external network is the Internet by way of example.

[0055] FIG. 7 is a second diagram illustrating the principles of the present invention.

[0056] In the figure, the serviced unit 81 is illustrated equipped with a packet communications section 51, a remote operation execution section 52, an execution result return section 53, and a security check section 54.

[0057] The packet communications section 51 transmits an identifier specifying the address of the servicing unit 87 connected to the internal network 86 to the second firewall 85, sets up a connection with the servicing unit 87 via the first and second firewalls 83 and 85, and transmits packets to or from the servicing unit 87 over that connection.

[0058] The execution result return section 53 returns the results of execution of a remote operation by the remote operation execution section 52 to the second firewall 85 via the packet communications section 51.

[0059] The security check section 54 checks the validity of a remote operation command contained in a packet received by the packet communications section 51.

[0060] In this case, the remote operation execution section 52 carries out the remote operation on the serviced unit in accordance with the remote operation command only after its validity has been confirmed by the security check section 54.

[0061] FIG. 8 is a third diagram for use in explanation of the principles of the invention.

[0062] In this figure, a central unit 88 functions as the second firewall 85, installed for the external network 84, of the internal network 86 of the company which provides remote operation service via the external network 84 to the serviced unit 81 connected to the contract user's internal network 82, in which the first firewall 83 is installed against the external network 84.

[0063] The central unit 88 is equipped with a first packet communications section 61, a security check section 62, and a second packet communications section 63.

[0064] The first packet communications section 61 sets up a first connection with the serviced unit 81 via the first firewall 83 and the external network 84 and transmits packets to or from the serviced unit 81 over the first connection.

[0065] The security check section 62 checks packets received by the first packet communications section 61 after the first connection has been set up, to ensure that they have been sent from the serviced unit 81 of the user under contract.

[0066] The second packet communications section 63 sets up a second connection with the servicing unit 87 via its associated internal network 86 when the security check section 62 has determined that the packets were sent from the serviced unit 81 of the user under contract, and then transmits packets to or from the servicing unit 87 over the second connection.

[0067] Moreover, the central unit 88 is equipped with a first database 64 into which validation information for the user under contract has been entered. The security check section 62 checks received packets for the presence of the validation information entered into the database 64, thereby determining whether they are from the user under contract.

[0068] Furthermore, the central unit 88 is equipped with a second database 65 into which servicing unit identification information used to set up the second connection has been entered. The second packet communications section 63 may be configured to retrieve from the second database 65 the servicing unit identification information corresponding to the service identification information stored in packets received by the first packet communications section 61, and to set up the second connection using that servicing unit identification information.

[0069] FIG. 9 is a fourth diagram illustrating the principles of the invention.

[0070] As shown in this figure, the servicing unit 87 is equipped with a packet communications section 71 and a remote operation execution section 72.

[0071] The packet communications section 71 sets up a connection with the second firewall 85 and then transmits packets to or from the serviced unit 81 over that connection.

[0072] The remote operation execution section 72 produces a packet in which is set a command to perform on the serviced unit a remote operation specified by the remote operation instructing information stored in packets received by the packet communications section 71, and transmits it to the second firewall 85 via the packet communications section 71.

[0073] The remote operation execution section 72 also obtains, from packets received by the packet communications section 71, the result of execution of a remote operation that the serviced unit 81 has placed in them, and outputs it to the outside.

[0074] Hereinafter, the operation of the system shown in FIGS. 6 to 9 will be described.

[0075] The serviced unit 81 sets up a first connection with the second firewall 85 installed for the remote operation servicing company's internal network 86 via the client network 82, the first firewall 83 and the external network 84, and then transmits packets containing data for remote operation to or from the servicing unit 87 connected to the servicing company's internal network 86 over the first connection.

[0076] The second firewall 85 sets up a second connection with the servicing unit 87 via its associated internal network 86 after the first connection has been set up, and relays packets to be transmitted between the serviced unit 81 and the servicing unit 87 by the use of the first and second connections.

[0077] The servicing unit 87 performs remote operation service on the serviced unit 81 by transmitting the packets that are to be exchanged with the serviced unit 81 to or from the second firewall 85 over the second connection.

[0078] For example, in this case, after the first connection has been set up, the second firewall 85 determines through its validation section whether or not the serviced unit 81 belongs to the user under contract, on the basis of the contents of data placed in packets transmitted from the serviced unit 81 over the first connection.

[0079] Also, when receiving a packet from the servicing unit 87 through the second firewall 85 and the first connection, the serviced unit 81 determines through its validation section whether the remote operation executing command stored in that packet is a valid command or not.

[0080] Thus, in a system in which first and second firewalls are respectively installed in a client internal network 82 and a remote operation servicing company's internal network 86 for an external network 84 to which each of the internal networks is connected, a servicing unit 87 on the servicing company's internal network can perform remote operation service on a serviced unit 81 on the client internal network through the external network while the security of both the customer's and the servicing company's internal networks is kept.

[0081] The packet communications section 51 transmits an identifier which allows the second firewall 85 to specify the address of the servicing unit 87 connected to the internal network 86, sets up a connection with the servicing unit 87 through the first and second firewalls 83 and 85, and transmits packets to or from the servicing unit 87 over that connection. The remote operation execution section 52 fetches remote operation command information from a packet received by the packet communications section 51 and then performs remote operation as specified by the remote operation command information.

[0082] Thus, in a system in which firewalls are respectively installed in a remote operation service providing company's internal network 86 and a client internal network 82 for an external network 84 to which each of the internal networks is connected, a serviced unit 81 on the client network can transmit packets to the service providing company's internal network 86 and receive packets from a servicing unit 87 on the service providing company's internal network 86.

[0083] The security check section 54 checks the remote operation instruction information placed in packets received by the packet communications section 51 for validity. The remote operation execution section 52 then performs a remote operation according to the contents of the remote operation directive information whose validity has been confirmed by the security check section 54. The execution result return section 53 then sends the results of the remote operation executed by the remote operation execution section 52 to the second firewall 85 through the packet communications section 51.

[0084] Therefore, the serviced unit 81 can receive remote operation service while keeping its security, and the servicing unit 87 can acquire the results of a remote operation performed on the serviced unit 81 through the second firewall 85.

[0085] The first packet communications section 61 sets up a first connection with the serviced unit 81 through the first firewall 83 and the external network 84 and then transmits packets to or from the serviced unit 81 over the first connection. The security check section 62 checks whether or not the packets received by the first packet communications section 61 after the first connection has been set up are packets transmitted from the serviced unit 81 of the user under contract. When it is determined by the security check section 62 that the packets received by the first packet communications section 61 are packets transmitted from the serviced unit 81 of the user under contract, the second packet communications section 63 sets up a second connection with the servicing unit 87 through its associated internal network 86 and then transmits packets to or from the servicing unit 87 over the second connection.

[0086] Therefore, packets can be transmitted to or from the serviced unit 81 connected to the client internal network 82 in which the first firewall 83 is installed. In addition, a security check can be performed on received packets to reject improper packets. Only packets sent from the serviced unit 81 of a user under contract can be transmitted to the servicing unit 87. Furthermore, packets can be transmitted from the servicing unit 87 to the serviced unit 81.

[0087] The packet communications section 71 sets up a connection with the second firewall 85 and then transmits packets to or from the serviced unit 81 over that connection. The remote operation execution section 72 produces a packet in which is placed a command to perform on the serviced unit 81 a remote operation specified by the remote operation request information stored in packets received by the packet communications section 71, and then transmits it to the second firewall 85 through the packet communications section 71. Moreover, the remote operation execution section 72 fetches the result of execution of the remote operation, as set by the serviced unit 81, from packets received by the packet communications section 71 and provides it to the outside.

[0088] Therefore, the servicing unit 87 on the service providing company's internal network 86 can transmit packets to or from the second firewall 85 installed for the external network 84. This allows the servicing unit 87 to transmit packets for remote operation service to or from the serviced unit 81 once the second firewall 85 has set up a connection with the serviced unit 81 on the user internal network 82.

[0089] FIG. 10 shows the entire configuration of a remote maintenance and remote operation system according to an embodiment of the present invention.

[0090] In this figure, a network 110 is an intracompany network of the A company, which provides remote maintenance and remote operation service, while a network 210 is an intracompany network of the D company, which is a client or user of that service.

[0091] The A company's network 110 and the D company's client network 210 are connected by a line 250 such as a public line, a commercial internet, or the like. Between the network 110 and the line 250 is installed a remote maintenance/operation central unit 120 which serves as a firewall. Also, a firewall 220 is installed between the client network 210 and the line 250.

[0092] To the service company's network 110 is connected a servicing unit 130 which provides remote maintenance and remote operation service. To the client network 210 is connected a serviced unit 230 which receives the remote maintenance and remote operation service provided by the servicing unit 130.

[0093] The remote maintenance/operation central unit 120 has a function of relaying packets (IP datagrams) from the servicing unit 130 on the service company's network 110 to the serviced unit 230 on the client network 210. The central unit 120 has a user validation feature to provide security for its associated network 110. The user validation feature is implemented by the provision of a user validation database 121.

[0094] The user validation database 121 stores four information items, i.e., serviced unit ID, user ID, password, and service ID, for each serviced unit 230.

[0095] The remote maintenance/operation central unit 120 is also equipped with a servicing unit database 122, which stores the IP address of each servicing unit 130 having a service ID which has been entered into the user validation database 121.

[0096] The remote maintenance/operation central unit 120 is further equipped with a serviced unit connecting section 124, a servicing unit connecting section 125, and a service company network security section 126.

[0097] The serviced unit connecting section 124 sets up a connection A, which is a logical path, with the serviced unit 230 connected to the client network 210 via the firewall 220 by means of the TCP protocol. In this case, the setup request for the connection A is made by the serviced unit 230 on the client network 210; no connection has to be accepted from the line 250 into the client network 210. The serviced unit connecting section 124 uses the path A corresponding to the connection A to deliver packets bound for the serviced unit 230, produced by the servicing unit 130, to the serviced unit 230 through the firewall 220 and the client network 210.

[0098] The servicing unit connecting section 125 is responsive to a request by the serviced unit connecting section 124 to set up a connection B, which is a logical path, between the remote maintenance/operation central unit 120 and the servicing unit 130 through the service company network security section 126 by means of the TCP protocol. Note that the setup request for the connection B is made only after the connection A has been set up and the serviced unit 230 has been identified as a contract user's unit on the basis of the service ID, user ID, serviced unit ID and password contained in the data part of a packet sent from the serviced unit over the path A.

[0099] The service company network security section 126 carries out the above-mentioned user validation process of determining whether the serviced unit 230 is a contract user's unit by making reference to the user validation database 121 as requested by the serviced unit connecting section 124, and then returns the result to the serviced unit connecting section 124.

[0100] The servicing unit 130 is equipped with a central unit connectingsection 132 and a remote maintenance/operation execution section 134.

[0101] The central unit connecting section 132 sets up the connection Bwith the servicing unit connecting section 125 in the remotemaintenance/operation central unit 120 through the associated network110 and receives a remote maintenance/operation requesting packettransmitted by the serviced unit 230 from the servicing unit connectingsection 125 over the path B corresponding to the connection B. Thisrequest is delivered to the remote maintenance/operation executionsection 134. A packet which stores a command to execute remotemaintenance/operation requested by the remote maintenance/operationexecution section 134 is sent to the servicing unit connecting section125 in the central unit 120 over the path B.

[0102] Upon receipt of a packet containing a message requesting thestart of remote maintenance/operation transmitted by the serviced unit230 via the servicing unit connecting section 125, the remotemaintenance/operation execution section 134 produces a packet bound forthe serviced unit 230 which contains, in its data part, a command toperform remote maintenance/operation on the serviced unit 230 and thenrequests the central unit connected section 132 to send that packet tothe servicing unit 130 in the remote maintenance/operation central unit120. This packet is sent by the central unit connected section 132 tothe servicing unit connected section 125 in the remotemaintenance/operation central unit 120 over the connection B, then sentby the serviced unit connecting section 124 to the serviced unit 230over the connection A. For example, the remote maintenance/operationexecution section 134 performs a remote operation of locating andcorrecting faults in hardware and software that the service company soldto the user (client).

[0103] The serviced unit 230 is composed of a central unit connectingsection 232, a remote maintenance/operation executed section 234, and aserviced unit security section 235.

[0104] The central unit connecting section 232 sets up the connection Awith the serviced unit connected section 124 in the remotemaintenance/operation central unit 120 through its associated firewall220 in making a request to the servicing unit 130 under contract forremote maintenance/operation of its associated unit 230. After that,commands for remote maintenance/operation and packets containing theresults of the remote maintenance/operation are transmitted between thecentral unit connecting section 232 and the servicing unit 130 over thesecondary path comprised of the connection A and the connection B.

[0105] The remote maintenance/operation executed section 234 receivespackets transmitted by the servicing unit 130 from the central unitconnecting section 232, fetches a command for remotemaintenance/operation from the packets, and analyzes and executes thatcommand. The section 234 then produces a packet which contains theresult of the execution of that command, i.e., the result of theexecution of the remote maintenance/operation and requests the centralunit connecting section 232 to transmit that packet to the servicingunit 130. The central unit connecting section 232 then sends that packetto the serviced unit connected section 124 in the remotemaintenance/operation central unit 120 over the connection A.

[0106] When receiving a request by the remote maintenance/operationexecuted section 234, the serviced unit security protection section 235performs a security check on a packet that the remotemaintenance/operation executed section 234 receives from the servicingunit 130. That is, a check is made as to whether the command stored inthat packet is a proper command specified in the contract and the like.The result of that check is returned to the remote maintenance/operationexecuted section 234. For example, the security check is made to protectfiles that the client does not want for the service provider to makeaccess to.

[0107] The serviced unit 230 is equipped with a non-reference file namedatabase 236 as a database which allows the serviced unit securityprotection section 235 to make a security check as described above.

[0108] The names of files that the client forbids the servicing unit 130to make access to are entered into the non-reference file name database236. When a command placed in a packet sent from the servicing unit 130is directed at any one of the files to be protected from unauthorizedaccess, the security protection section 235 instructs the remotemaintenance/operation execution section 134 to prohibit the execution ofthat command.

[0109] As a result, the remote maintenance/operation executed section234 will execute only commands which, of commands from the servicingunit 130, ensure the user security protection.
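The following is an added example, not code from the patent, of the kind of check the serviced unit security protection section 235 performs against the non-reference file name database 236. It assumes a remote maintenance/operation command arrives as a shell-style string, that the contract lists the permitted command names, and that path arguments are resolved against a fixed working directory before comparison; the class and method names are this example's own. Beyond the page's description it also normalises "." and ".." components, because a protected file must be refused no matter how the path to it is spelled.

```python
"""Command screening in the manner of the serviced unit security protection
section 235 and the non-reference file name database 236 (added example, not
code from the patent). Assumptions of this example: a remote maintenance/
operation command arrives as a shell-style string, the contract lists the
permitted command names, and path arguments are resolved against a fixed
working directory before they are compared with the database."""
import posixpath
import shlex


class ServicedUnitSecuritySection:
    def __init__(self, allowed_commands, non_reference_files, working_dir="/home/svc"):
        self.allowed_commands = frozenset(allowed_commands)   # command names from the contract (assumed)
        # Database 236: absolute paths the client forbids the servicing unit to touch
        self.non_reference_files = frozenset(posixpath.normpath(p) for p in non_reference_files)
        self.working_dir = working_dir                          # assumed cwd for relative paths

    def _resolve(self, token):
        """Turn an argument into an absolute, normalised path; option flags are skipped."""
        if token.startswith("-"):
            return None
        return posixpath.normpath(posixpath.join(self.working_dir, token))

    def _is_protected(self, path):
        """Return the database entry that the path hits, or None."""
        for forbidden in self.non_reference_files:
            # Match the entry itself and anything below it when it names a directory
            if path == forbidden or path.startswith(forbidden.rstrip("/") + "/"):
                return forbidden
        return None

    def check(self, command_line):
        """Return (ok, reason); ok=False means section 234 must not execute the command."""
        try:
            argv = shlex.split(command_line)
        except ValueError as exc:
            return False, f"unparseable command: {exc}"
        if not argv:
            return False, "empty command"
        if argv[0] not in self.allowed_commands:
            return False, f"command {argv[0]!r} is not specified in the contract"
        for tok in argv[1:]:
            path = self._resolve(tok)
            hit = self._is_protected(path) if path else None
            if hit:
                return False, f"argument {tok!r} reaches protected file {hit!r}"
        return True, "ok"
```

The check is deliberately an allow-list on command names combined with a deny-list on files: a command that is not in the contract is refused before its arguments are even looked at, and a permitted command is still refused when any argument resolves into a protected file or directory.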

[0110] The operation of the above-described embodiment will be described hereinafter with reference to FIG. 11.

[0111] In the embodiment, the execution of remote maintenance/operation is started as requested by the client. For example, this request is made through a GUI (Graphical User Interface) displayed on a display section of the serviced unit 230 (S11).

[0112] When this request is made, the central unit connecting section 232 sets up the connection A with the serviced unit connected section 124 in the remote maintenance/operation central unit 120 through the client network 210 and the firewall 220. Thereby, a session is established between the central unit connecting section 232 and the serviced unit connected section 124, permitting packets to be transmitted between the sections 232 and 124 over the connection A.

[0113] After that, the central unit connecting section 232 produces a packet containing the service ID, user ID, serviced unit ID and password which were assigned to the serviced unit 230 at the time of contract, and then sends it to the serviced unit connected section 124 in the remote maintenance/operation central unit 120 over the connection A (S12).

[0114] Upon receipt of the packet, the serviced unit connected section 124 sends the service ID, user ID, serviced unit ID, and password placed in the packet to the service company network security protection section 126 with a request to determine whether the packet was sent from the serviced unit 230 of a contract user. The security protection section 126 checks the four pieces of information against the information entered into the user validation database 121 (S13) and determines whether or not that packet was sent from a contract user (S14). If the determination is that the packet was sent from a contract user (S14, YES), then the security protection section 126 searches the servicing unit database 122 for the servicing unit 130 corresponding to the service ID, using the service ID as a key, and acquires the IP address of the servicing unit 130. The security protection section 126 returns the result of the check and the IP address of the servicing unit 130 to the serviced unit connected section 124 (S15).

[0115] If, on the other hand, the determination in step S14 is that the packet is not from a contract user (NO), then the packet is rejected. In addition, the connection A is disconnected.

[0116] When the serviced unit connected section 124 receives the result of the determination from the associated network security protection section 126 and hence knows that the packet it received was sent from the serviced unit 230 of a contract user, it sends the IP address of the servicing unit 130, received from the service company network security protection section 126, to the servicing unit connecting section 125 to make a request for setting up the connection B with the servicing unit 130. In response to this request, the servicing unit connecting section 125 sets up the connection B with the central unit connected section 132 in the servicing unit 130 via the service company network 110 (S16).

[0117] Thereby, a session is established between the servicing unit connecting section 125 and the central unit connected section 132, permitting the sections 125 and 132 to transmit packets therebetween. The service company network security protection section 126 may directly request the servicing unit connecting section 125 to set up the connection B.

[0118] The servicing unit connecting section 125 notifies the central unit connected section 132 in the servicing unit 130 via the connection B that packet communication with the serviced unit 230 has been made possible (S17).

[0119] The central unit connected section 132 then requests the remote maintenance/operation execution section 134 to start the execution of remote maintenance/operation on the serviced unit 230. In response to this request, the execution section 134 starts providing the remote maintenance/operation services specified at the time of contract. The remote operation is performed by transmitting a packet containing a command for remote maintenance/operation to the contract serviced unit 230. That is, the remote maintenance/operation execution section 134 produces that packet and requests the central unit connected section 132 to transmit it to the serviced unit 230 (S18).

[0120] The central unit connected section 132 then transmits that packet for remote maintenance/operation execution to the servicing unit connecting section 125 in the remote maintenance/operation central unit 120 over the connection B (S19).

[0121] Upon receipt of that packet, the servicing unit connecting section 125 hands it to the serviced unit connected section 124, which sends it to the central unit connecting section 232 in the serviced unit 230 over the connection A (S20).

[0122] Upon receipt of that packet, the central unit connecting section 232 requests the serviced unit security protection section 235 to check it for validity. Upon receipt from the security protection section 235 of the result that the command contained in that packet is valid, the central unit connecting section 232 requests the remote maintenance/operation executed section 234 to execute that command. Then, the section 234 executes the command, produces a packet which contains the result of the execution, and requests the central unit connecting section 232 to send that packet to the servicing unit 130. The connecting section 232 sends the packet received to the serviced unit connected section 124 in the remote maintenance/operation central unit 120 over the connection A (S21).

[0123] If, in this case, it is determined by the serviced unit security protection section 235 that the command specified by the servicing unit 130 is a command to access a file entered into the non-reference file name database 236, then the remote maintenance/operation executed section 234 will not execute that command (S22).

[0124] The serviced unit connected section 124 receives a packet containing the results of the remote maintenance/operation execution and then sends it, via the servicing unit connecting section 125, to the central unit connected section 132 in the servicing unit 130 over the connection B (S23).

[0125] Upon receipt of that packet, the connected section 132 fetches the results of the remote maintenance/operation execution from it and then sends them to the remote maintenance/operation execution section 134, which displays the execution results on the display section of the servicing unit 130 (S24).

[0126] The processes in steps S18 through S24 are repeated while the execution of remote maintenance/operation is directed at the serviced unit 230. Note that the remote maintenance/operation execution is directed through a GUI (Graphical User Interface) displayed on the display section of the servicing unit 130.

[0127] When the execution of all remote maintenance/operation services for the serviced unit 230 terminates, the remote maintenance/operation execution section 134 notifies the central unit connected section 132 of this (S25).

[0128] The central unit connected section 132 then disconnects the connection B (S26).

[0129] After the connection B has been disconnected, the servicing unit connecting section 125 in the remote maintenance/operation central unit 120 produces a packet to assign a new password to the serviced unit 230 and then sends it to the central unit connecting section 232 in the serviced unit 230 over the connection A. When the serviced unit 230 acknowledges receipt of the new password, the serviced unit connected section 124 in the remote maintenance/operation central unit 120 disconnects the connection A (S27).

[0130] After the disconnection of the connection A, the serviced unit 230 stores that new password in a predetermined memory for use with the next remote maintenance/operation (S28).
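The validation in steps S13 to S15 and the password rotation in steps S27 and S28 are shown together below as an added example; this is not the patent's code. It assumes the user validation database 121 is keyed on (service ID, user ID, serviced unit ID), that the servicing unit database 122 maps a service ID to the servicing unit's IP address, and that passwords are held as salted PBKDF2 digests rather than in the clear, which is a hardening choice of this example that the page does not state. The class and method names are this example's own.

```python
"""Contract user validation (steps S13 to S15) and per-session password
rotation (steps S27 and S28) as an added example; this is not the patent's
code. Assumptions: the user validation database 121 is keyed on (service ID,
user ID, serviced unit ID); the servicing unit database 122 maps a service ID
to the servicing unit's IP address; and passwords are stored as salted PBKDF2
digests instead of in the clear, a hardening choice of this example that the
page does not state."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Credential:
    salt: bytes
    digest: bytes


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_credential(password: str) -> Credential:
    salt = secrets.token_bytes(16)
    return Credential(salt, _digest(password, salt))


class CentralUnit:
    """Security protection section 126 plus databases 121 and 122."""

    def __init__(self):
        self.user_validation_db = {}   # (svid, uid, wid) -> Credential       (database 121)
        self.servicing_unit_db = {}    # svid -> IP address of servicing unit (database 122)

    def enroll(self, svid, uid, wid, password, servicing_ip):
        """Entries made when the contract is concluded."""
        self.user_validation_db[(svid, uid, wid)] = make_credential(password)
        self.servicing_unit_db[svid] = servicing_ip

    def validate(self, svid, uid, wid, password):
        """S13 to S15: return the servicing unit's IP address, or None to reject."""
        cred = self.user_validation_db.get((svid, uid, wid))
        if cred is None:
            _digest(password, bytes(16))   # same cost as a real check, so timing does not reveal entries
            return None
        if not hmac.compare_digest(_digest(password, cred.salt), cred.digest):
            return None
        return self.servicing_unit_db.get(svid)

    def rotate_password(self, svid, uid, wid):
        """S27: issue a fresh password for the next session; the old one stops working."""
        new_password = secrets.token_urlsafe(24)
        self.user_validation_db[(svid, uid, wid)] = make_credential(new_password)
        return new_password


class ServicedUnit:
    """Central unit connecting section 232 side of the exchange."""

    def __init__(self, svid, uid, wid, password):
        self.svid, self.uid, self.wid = svid, uid, wid
        self.password = password   # the "predetermined memory" of S28

    def run_session(self, central):
        """S12 to S28 collapsed: authenticate, then store the new password."""
        servicing_ip = central.validate(self.svid, self.uid, self.wid, self.password)
        if servicing_ip is None:
            return None                       # S14 NO: request rejected, connection A dropped
        # ... remote maintenance/operation would run here over connections A and B ...
        self.password = central.rotate_password(self.svid, self.uid, self.wid)
        return servicing_ip
```

A consequence worth noticing is that a copy of the credentials taken before a session is useless after it: the unit that completed the session holds the only valid password, so a second unit replaying the old one is rejected at S14.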

[0131] Next, the flow of packets at the time of remote maintenance/operation execution will be described in detail.

[0132] Suppose here that, as shown in FIG. 12, the service company network 110 and the client network 210 are connected by the Internet 250, and the remote maintenance/operation central unit 120 and the servicing unit 130 in the service company network 110 and the firewall 220 and the serviced unit 230 in the client network 210 are assigned IP addresses and port numbers as shown.

[0133] That is, in the service company network 110, the remote maintenance/operation central unit 120 has its IP address set to “C”, the serviced unit connected section 124 in the central unit has its port number set to “P1”, and the servicing unit 130 has its IP address set to “D”.

[0134] In the client network 210, on the other hand, the serviced unit 230 has its IP address set to “A”, the central unit connecting section 232 in the serviced unit has its port number set to “P2”, and the firewall 220 has its IP address set to “B”.

[0135] FIG. 13 shows the configuration of a header 300 set up on an IP datagram in a packet transmitted between the service company network 110 and the client network 210.

[0136] The header 300 is composed of an IP header 301, a TCP header 302, and a remote maintenance/operation header 303. The IP header 301 contains various pieces of information determined by the IP protocol, such as a transmitting IP address (source address), a receiving IP address (destination address), etc. The TCP header 302 contains various pieces of information determined by the TCP protocol, such as a transmitting port number (source port number), a receiving port number (destination port number), a SEQ (sequence number), etc.

[0137] The remote maintenance/operation header 303, which constitutes a feature of the present embodiment, contains a service ID (SVID), user ID (UID), password (PWD), and serviced unit ID (WID) which, as described previously, are used for the security check to determine whether or not packets received by the serviced unit connected section 124 over the connection A have been sent from a contract user. The remote maintenance/operation header 303 is placed in the data part of the TCP header 302.

[0138] FIGS. 14, 15 and 16 are diagrams for use in explanation of the flow of packets described in conjunction with the flowchart of FIG. 11 and the packet contents.

[0139] Before describing the flow of packets and the packet contents, reference will first be made to FIG. 17 to describe the format of a packet 400 transmitted between the serviced unit 230 and the servicing unit 130. This packet begins with a TCP/IP header 400 a as in a usual IP datagram, followed by a remote maintenance/operation header 400 b used for remote maintenance/operation between the serviced unit 230 and the servicing unit 130, and communications data 400 c. The TCP/IP header 400 a consists of the IP header 301 and the TCP header 302 shown in FIG. 13. The contents of the remote maintenance/operation header 400 b are the same as those of the header 303 of FIG. 13.

[0140] Of packets 401 to 406 shown in FIGS. 14, 15 and 16, packets 401, 402 and 403 sent from the serviced unit 230 to the servicing unit 130 each have a TCP/IP header formatted as shown in FIG. 18A. Packets 404, 405 and 406 sent from the servicing unit 130 to the serviced unit 230 each have a TCP/IP header formatted as shown in FIG. 18B.

[0141] With packet (IP datagram) communications between the serviced unit 230 and the servicing unit 130 shown in FIGS. 14, 15 and 16, the connection (session) A set up between the serviced unit 230 and the remote maintenance/operation central unit 120 and the connection (session) B set up between the remote maintenance/operation central unit 120 and the servicing unit 130 are employed.

[0142] After the connection A has been set up, the central unit connecting section 232 in the serviced unit 230 associated with the client network 210 transmits to the firewall 220 a packet (IP datagram) 401 containing a remote maintenance/operation header in the data part of the TCP header shown in FIG. 18. The firewall 220 receives that packet over the client network 210 and then changes the transmitting IP address in the IP header from the IP address “A” of the serviced unit 230 to its own IP address “B”. The resulting packet (IP datagram) 402 is then transmitted to the serviced unit connected section 124 in the remote maintenance/operation central unit 120 associated with the service company network 110 over the line 250.

[0143] The above packet communications are made by using the connection (session) A. In this case, the service company network 110 will not know the IP address A of the serviced unit 230, because the transmitting IP address of the packet 402 that the remote maintenance/operation central unit 120 associated with the service company network 110 receives is set to the IP address B of the firewall 220 associated with the client network 210.

[0144] Upon receipt of the packet 402, the remote maintenance/operation central unit 120 examines the remote maintenance/operation header of the packet 402 while maintaining the session A with the firewall 220 on the client network 210 side. That is, the service company network security protection section 126 examines whether or not the service ID, user ID, password, and serviced unit ID which are placed in the remote maintenance/operation header have been entered into the user validation database 121. If the entry is confirmed, then the IP address (“D” in this case) of the servicing unit 130 having that service ID is fetched from the servicing unit database 122. The servicing unit connecting section 125 receives this IP address D from the security protection section 126 and then sets up the connection (session) B with the central unit connected section 132 in the servicing unit 130.

[0145] After that, the servicing unit connecting section 125 produces a packet (IP datagram) 403 shown in FIG. 15. That is, the receiving IP address in the packet 403 is set to “D” and the transmitting IP address is set to its own IP address “C”. The receiving port number in the packet 403 is set to a port number (P3 in this case) assigned to the central unit connected section 132 in the servicing unit 130. Notification information from the user for a session request is placed in the data part of the TCP header. The servicing unit connecting section 125 then sends the packet 403 to the central unit connected section 132 in the servicing unit 130 via the associated network 110.

[0146] In the servicing unit 130, when the central unit connected section 132 receives the packet 403, the remote maintenance/operation execution section 134 interprets the directive data from the user (service provider) placed in the data part of the packet 403. The execution section 134 then produces a command (directive information to the service provider) to execute the maintenance/operation indicated by the directive data, and a packet (IP datagram) 404 in which that command is placed in the data part. In this case, the receiving IP address of the packet 404 is set to the IP address “C” of the remote maintenance/operation central unit 120 and the transmitting IP address is set to the IP address “D” of the servicing unit 130. Further, the receiving port number is set to the port number P1 of the servicing unit connecting section 125 in the central unit 120 and the transmitting port number is set to the port number P3 of the central unit connected section 132. The central unit connected section 132 sends the packet 404 to the servicing unit connecting section 125 in the central unit 120 over the connection B.

[0147] Upon receipt of the packet 404 from the servicing unit connecting section 125, the serviced unit connected section 124 in the central unit 120 produces a packet (IP datagram) 405 shown in FIG. 15. The serviced unit connected section 124 converts the receiving IP address, transmitting IP address, and receiving port number in the packet 404. That is, the receiving IP address in the packet 405 is set to the IP address B of the firewall 220 associated with the client network 210 and the transmitting IP address is set to the IP address C of the central unit 120. Further, the receiving port number is set to the port number P2 of the central unit connecting section 232 in the serviced unit 230 on the client network 210. The serviced unit connected section 124 transmits the packet 405 to the firewall 220 on the client network 210 over the connection A. Upon receipt of the packet 405, the firewall 220 first performs an IP address translation process and then produces a packet (IP datagram) 406 shown in FIG. 16. That is, the receiving IP address is translated from B to A, the IP address of the serviced unit 230, and the transmitting IP address is translated from C to B, the IP address of the firewall itself. The firewall 220 transmits the packet 406 to the central unit connecting section 232 in the serviced unit 230 using the session with the serviced unit 230.

[0148] In this way, the serviced unit 230 receives only packets in which the transmitting IP address is the IP address of the firewall. Therefore, the serviced unit will not know the IP address of the servicing unit 130.
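The address rewriting along packets 401 to 406 is simulated below as an added example; this is not the patent's code. The addresses A, B, C, D and the ports P1, P2, P3 are the page's symbolic values. The packet field names, the use of P1 as the central unit's source port toward the servicing unit, the way the central unit remembers the peer it saw on connection A, and the simplified membership test on header 303 are this example's own assumptions. Running it confirms the two properties stated in [0143] and [0148]: no packet on the service company side carries address A, and no packet delivered to the serviced unit carries address D.

```python
"""Address rewriting along the path serviced unit 230 -> firewall 220 ->
central unit 120 -> servicing unit 130 and back, following packets 401 to 406
(added example; not the patent's code). The addresses A, B, C, D and ports
P1, P2, P3 are the page's symbolic values. The field names of the packet, the
use of P1 as the central unit's source port toward the servicing unit and the
way the central unit remembers its client are this example's own
simplifications."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: str
    dst_port: str
    svid: str    # remote maintenance/operation header 303: service ID
    uid: str     # user ID
    pwd: str     # password
    wid: str     # serviced unit ID
    data: str


A, B, C, D = "A", "B", "C", "D"
P1, P2, P3 = "P1", "P2", "P3"


class Firewall:
    """Firewall 220: hides address A behind its own address B."""

    def __init__(self, ip):
        self.ip = ip
        self.inside = None   # (ip, port) of the serviced unit, learned from 401

    def outbound(self, pkt):
        """401 -> 402: replace the transmitting address A with B."""
        self.inside = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.ip)

    def inbound(self, pkt):
        """405 -> 406: dst B -> A, src C -> B; anything not for the known session is dropped."""
        if self.inside is None or pkt.dst_ip != self.ip or pkt.dst_port != self.inside[1]:
            return None
        return replace(pkt, src_ip=self.ip, dst_ip=self.inside[0])


class CentralUnit:
    """Remote maintenance/operation central unit 120 (sections 124, 125, 126)."""

    def __init__(self, ip, validation_db, servicing_db):
        self.ip = ip
        self.validation_db = validation_db   # database 121: set of (svid, uid, wid, pwd)
        self.servicing_db = servicing_db     # database 122: svid -> servicing unit IP
        self.client = None                   # (ip, port) seen on connection A

    def relay_request(self, pkt):
        """402 -> 403: validate header 303, then address the servicing unit."""
        if (pkt.svid, pkt.uid, pkt.wid, pkt.pwd) not in self.validation_db:
            return None                       # S14 NO: reject, connection A is dropped
        self.client = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.ip, dst_ip=self.servicing_db[pkt.svid],
                       src_port=P1, dst_port=P3, data="session request from contract user")

    def relay_reply(self, pkt):
        """404 -> 405: rewrite toward the firewall address B and port P2."""
        client_ip, client_port = self.client
        return replace(pkt, src_ip=self.ip, dst_ip=client_ip, src_port=P1, dst_port=client_port)


class ServicingUnit:
    """Servicing unit 130: answers with a maintenance command."""

    def __init__(self, ip):
        self.ip = ip

    def handle(self, pkt):
        """403 -> 404: reply to the address the packet came from (always C)."""
        return replace(pkt, src_ip=self.ip, dst_ip=pkt.src_ip, src_port=P3,
                       dst_port=pkt.src_port, data="command: collect diagnostics")


def run_exchange(password="pw"):
    """Drive one request/reply round trip and return every packet by number."""
    fw = Firewall(B)
    cu = CentralUnit(C, {("SV1", "U1", "W1", "pw")}, {"SV1": D})
    sv = ServicingUnit(D)
    p401 = Packet(A, C, P2, P1, "SV1", "U1", password, "W1", "start remote maintenance")
    p402 = fw.outbound(p401)
    p403 = cu.relay_request(p402)
    if p403 is None:
        return {"401": p401, "402": p402, "403": None}
    p404 = sv.handle(p403)
    p405 = cu.relay_reply(p404)
    p406 = fw.inbound(p405)
    return {"401": p401, "402": p402, "403": p403, "404": p404, "405": p405, "406": p406}
```

Note that the central unit is the only element that ever sees both B and D, which is exactly why the page places the user validation there: a packet that fails the header check never causes connection B to be opened, so an unvalidated sender learns nothing about the service company network beyond address C.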

[0149] The central unit connecting section 232 receives the packet 406 and then sends it to the remote maintenance/operation executed section 234. The executed section 234 fetches the directive information of the service provider from the packet 406, analyzes it, and carries out the maintenance/operation indicated by it. The directive information is checked for validity by the serviced unit security protection section 235 before the maintenance/operation is carried out. The remote maintenance/operation executed section 234 carries out only directive information that has been validated.

[0150] After the termination of the execution of the remote maintenance/operation, the remote maintenance/operation executed section 234 produces a packet (IP datagram) which contains the result of the execution in the data part of the TCP header. This packet is sent to the servicing unit 130 connected to the service company network 110 over the secondary path (refer to FIG. 10) formed by the connection A and the connection B described previously.

[0151] Next, the operation of the remote maintenance/operation central unit 120 to set up the connection (session) A with the serviced unit 230 connected to the client network 210 via the firewall 220 installed in the client network 210 will be described in more detail.

[0152] FIG. 19 is an operating flowchart illustrating the process of relaying packets (IP datagrams) between the serviced unit 230 and the servicing unit 130 by the remote maintenance/operation central unit 120.

[0153] Note here that the firewall 220 on the client network 210 is equipped with, for example, the TCP port filtering feature. When a contract for remote maintenance/operation service is concluded, the service providing company informs the contract user of the port number assigned to the serviced unit connected section 124 in the remote maintenance/operation central unit 120. Then, a firewall 220 administrator of the service receiving company sets the TCP port filtering of the firewall 220 so that packets can be transmitted between the serviced unit 230 on the service receiving company network 210 and the serviced unit connected section 124 through that firewall 220. The port number of the serviced unit connected section 124 may be fixed or may vary with the serviced units.

[0154] When the firewall 220 on the client network is equipped with the IP address filtering feature, the service provider informs the contract user of the IP address of the remote maintenance/operation central unit 120 and then requests the user to set the IP address filtering so that packets transmitted from the remote maintenance/operation central unit 120 toward the serviced unit 230 can pass through the firewall 220.

[0155] The serviced unit connected section 124 is always placed in the wait state for a request for session (connection) setup by the serviced unit 230 (S41).

[0156] Upon receipt of a packet containing a session setup requesting message from the serviced unit 230 via the firewall 220, the serviced unit connected section 124 requests the service company network security protection section 126 to make a check as to whether or not the service ID, user ID, password and serviced unit ID which are placed in the remote maintenance/operation header of that packet have been entered into the user validation database 121 (S42).

[0157] After that, the serviced unit connected section 124 receives the result from the security protection section 126 to determine whether or not the serviced unit 230 belongs to a contract user (S43).

[0158] Next, if the determination is that the session setup requesting message is not from a contract user (S43, NG), then the serviced unit connected section 124 rejects the request for session setup (S44).

[0159] If, on the other hand, the determination is that the session setup requesting packet is from a contract user (S43, OK), then the serviced unit connected section 124 sends the service ID contained in that packet to the servicing unit connecting section 125. Upon receipt of that service ID, the servicing unit connecting section 125 retrieves the IP address of the servicing unit 130 corresponding to the service ID from the servicing unit database 122 (S45).

[0160] Then, the servicing unit connecting section 125 sets up the session (connection) B with the servicing unit 130 having that IP address via the service company network 110 (S46).

[0161] Then, the servicing unit connecting section 125 generates a child process for the serviced unit 230 while maintaining the sessions (connections) with the serviced unit 230 and the servicing unit 130 (S47).

[0162] Next, the servicing unit connecting section 125 makes a system call to wait for a session request by another serviced unit 230 (S48). The procedure then returns to step S41.

[0163] The above-described steps S41 to S48 allow the remote maintenance/operation central unit 120 to set up multiple sessions between serviced units 230 and the servicing unit 130. That is, the servicing unit 130 can provide remote maintenance/operation service to multiple serviced units 230.

[0164] In FIG. 19, there are illustrated child processes generated by sessions set up between the servicing unit 130 and a serviced unit A, between the servicing unit 130 and a serviced unit B, and between the servicing unit 130 and a serviced unit C. Each child process is equipped with a buffer 127 (127A, 127B, 127C) for the corresponding serviced unit 230 and a buffer 128 (128A, 128B, 128C) for the servicing unit 130. When a packet is transmitted from a serviced unit 230 to the servicing unit 130, it is stored temporarily in the corresponding buffer 127 and then copied into the buffer 128 for the servicing unit 130. The packet stored in the buffer 128 is taken out by the servicing unit connecting section 125, then output to the servicing unit 130.

[0165] Though not shown in FIG. 19, where a packet is sent from the servicing unit 130 to a serviced unit 230, it is temporarily stored in the buffer 128 for the servicing unit 130, then copied into the corresponding buffer 127 for the serviced unit 230. The packet is taken out from the buffer 127 by the serviced unit connected section 124, then output to the serviced unit 230.

[0166] In the manner described above, packets are transmitted between the serviced unit 230 and the servicing unit 130 via the remote maintenance/operation central unit 120 by the use of the two connections—the connection A and the connection B—and remote maintenance/operation is performed on the serviced unit 230 by the servicing unit 130.

[0167] FIG. 20 is an operating flowchart illustrating the IP relay feature of the remote maintenance/operation central unit 120 from a different point of view.

[0168] In this figure, based on steps S41 to S46, which are identical to the corresponding steps in FIG. 19, the servicing unit connecting section 125 sets up a session (connection B) with the servicing unit 130 through the service company network 110 in accordance with a session setup request by the serviced unit 230.

[0169] The servicing unit connecting section 125 then creates a session management table (S51). This table contains three types of information items—session number, serviced unit session ID, and servicing unit session ID. The serviced unit session ID is related to a session that is set up by the connection A established between the serviced unit 230 and the serviced unit connected section 124. The servicing unit session ID is related to a session that is set up by the connection B established between the servicing unit connecting section 125 and the servicing unit 130. From the serviced unit session ID and the servicing unit session ID, information about the logical path established between the serviced unit 230 and the servicing unit 130 is obtained, which allows the remote maintenance/operation central unit 120 to carry out the process of relaying packets (IP datagrams) between the serviced unit 230 and the servicing unit 130. The session ID, which is managed on the TCP protocol layer by the servicing unit connecting section 125, is used to identify each session (connection), distinguished by information such as transmitting IP address, receiving IP address, transmitting port number, receiving port number and the like. In the session management table, each session between the serviced unit 230 and the servicing unit 130 that is determined by a pair of serviced unit and servicing unit session IDs is assigned a unique session number.

[0170] The remote maintenance/operation central unit 120 (the serviced unit connected section 124 or the servicing unit connecting section 125) waits for entry of packets from each unit (the serviced unit 230 or the servicing unit 130) (S52).

[0171] Upon receipt of a packet from a unit, the remote maintenance/operation central unit 120 (the serviced unit connected section 124 or the servicing unit connecting section 125) searches the session management table by the ID (session ID) of the session over which that packet has been transmitted and fetches from the session management table the session ID of the unit (serviced unit 230 or servicing unit 130) corresponding to that session ID (S54). That is, when the serviced unit connected section 124 receives a packet from the serviced unit 230, it fetches the servicing unit session ID corresponding to the session (serviced unit session ID) over which that packet has been transmitted. On the other hand, when the servicing unit connecting section 125 receives a packet from the servicing unit 130, it fetches the serviced unit session ID corresponding to the session (servicing unit session ID) over which that packet has been transmitted.

[0172] The servicing unit connecting section 125 sends the packet from the serviced unit 230 to the servicing unit 130 according to the session ID fetched. Also, the serviced unit connected section 124 sends the packet from the servicing unit 130 to the serviced unit 230 according to the session ID fetched (S55).
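The session management table of steps S51 to S55 and the relay that consults it are shown below as an added example; this is not the patent's code. A session ID is modelled as the 4-tuple (transmitting IP, receiving IP, transmitting port, receiving port) that the page names as what distinguishes a TCP session, the session number is a counter, and the addresses and ports used in the sample are constructed values. The class and method names are this example's own. It also covers the two cases the page leaves implicit: a packet arriving on a session that is not in the table is dropped rather than forwarded, and closing either half of a logical path removes the whole row.

```python
"""Session management table and relay in the manner of steps S51 to S55
(added example; not the patent's code). A session ID is modelled as the
4-tuple (transmitting IP, receiving IP, transmitting port, receiving port) the
page names as what distinguishes a TCP session; the addresses and ports used
with it are constructed sample values."""
from itertools import count


class SessionTable:
    """Rows of (session number, serviced unit session ID, servicing unit session ID)."""

    def __init__(self):
        self._numbers = count(1)
        self.rows = {}       # session number -> (serviced_sid, servicing_sid)
        self._by_sid = {}    # either session ID -> session number

    def add(self, serviced_sid, servicing_sid):
        """S51: register a new logical path A+B and return its session number."""
        if serviced_sid in self._by_sid or servicing_sid in self._by_sid:
            raise ValueError("session ID already bound to another logical path")
        number = next(self._numbers)
        self.rows[number] = (serviced_sid, servicing_sid)
        self._by_sid[serviced_sid] = number
        self._by_sid[servicing_sid] = number
        return number

    def peer(self, sid):
        """S54: the session ID at the other end of the logical path, or None."""
        number = self._by_sid.get(sid)
        if number is None:
            return None
        serviced_sid, servicing_sid = self.rows[number]
        return servicing_sid if sid == serviced_sid else serviced_sid

    def remove(self, sid):
        """Tear down both halves when either connection (S26, S27) is closed."""
        number = self._by_sid.pop(sid, None)
        if number is None:
            return False
        serviced_sid, servicing_sid = self.rows.pop(number)
        self._by_sid.pop(servicing_sid if sid == serviced_sid else serviced_sid, None)
        return True


class Relay:
    """Sections 124 and 125: forward a packet over the paired session only."""

    def __init__(self):
        self.table = SessionTable()
        self.sent = []   # (target session ID, payload), standing in for the wire

    def on_packet(self, arriving_sid, payload):
        """S52 to S55: look up the peer and forward; unknown sessions are dropped."""
        target = self.table.peer(arriving_sid)
        if target is None:
            return False
        self.sent.append((target, payload))
        return True
```

Because forwarding is driven only by the table, a serviced unit can never reach a servicing unit other than the one paired with its own session at S46, and a servicing unit's packets go only to the serviced unit whose validated request opened that pairing.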

[0173] According to the present embodiment, as described above, in asystem in which an internal network of a remote maintenance/operationservice providing company and an internal network of a client companyhaving a service receiving unit are interconnected by an externalnetwork such as an internet, public line or the like and each of thecompanies is equipped with a firewall for the external network, theservice providing company can use a servicing unit connected to itsinternal network to perform remote maintenance/operation on the servicedunit connected to the client internal network. And moreover, both thecompanies are equipped with a security protection feature and hence canprovide security for their respective internal networks.

[0174] In the present embodiment, a commercial internet can be used as the external network. In this case, dialup IP connection users can become clients. In addition, users who use dialup IP connection terminals, each assigned an IP address at the time of line connection to the commercial internet, can also become clients. The reason is that, in the present embodiment, whether received packets have been sent from a contract user or not is determined on the basis of the service ID, user ID, serviced unit ID and password which are entered at the time a contract is concluded, and thus contract user validation can be made possible without depending only on IP addresses.
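The relay of [0170] to [0172] and the contract-user check of [0174], as an added Python model that is not part of the patent: the contract database, the session IDs, the placeholder servicing unit address and the salted password hash are constructed assumptions, chosen so that the check never depends on the source IP address.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


# Constructed (hypothetical) contract database of the central unit 120.
# Keyed by the service ID, user ID and serviced unit ID entered when the
# contract was concluded; the password is kept only as a salted hash (an
# added hardening choice, not something the page specifies).
def _pw_hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


_SALT = b"constructed-salt"
CONTRACT_DB: Dict[Tuple[str, str, str], dict] = {
    ("SVC-01", "user-a", "unit-230"): {
        "salt": _SALT,
        "pw_hash": _pw_hash(_SALT, "correct-horse"),
        "servicing_unit": "10.0.0.130",  # placeholder address of servicing unit 130
    },
}


@dataclass
class CentralUnit:
    """Model of central unit 120: validates connection A, opens connection B and
    relays packets by looking up the peer session in the session management table."""
    # session management table: serviced-unit session ID <-> servicing-unit session ID
    session_table: Dict[str, str] = field(default_factory=dict)
    # connection B targets, by servicing-unit session ID
    connections_b: Dict[str, str] = field(default_factory=dict)
    # packets handed to the peer side, recorded for inspection
    sent: List[Tuple[str, bytes]] = field(default_factory=list)
    _next_b: int = 1

    def validate(self, info: dict) -> Optional[dict]:
        """Security check on the information received over connection A.
        Returns the contract record or None; never decides on the source IP."""
        key = (info.get("service_id"), info.get("user_id"), info.get("serviced_unit_id"))
        rec = CONTRACT_DB.get(key)
        password = info.get("password", "")
        if rec is None:
            _pw_hash(_SALT, password)  # same cost as a real check, so timing does not reveal valid IDs
            return None
        if not hmac.compare_digest(rec["pw_hash"], _pw_hash(rec["salt"], password)):
            return None
        return rec

    def accept_connection_a(self, serviced_sid: str, info: dict) -> Optional[str]:
        """Connection A is up and its first packet carried the security check info.
        On success, 'set up' connection B and register both session IDs."""
        rec = self.validate(info)
        if rec is None:
            return None  # not a contract user: no connection B, nothing relayed
        servicing_sid = f"B{self._next_b}"
        self._next_b += 1
        self.connections_b[servicing_sid] = rec["servicing_unit"]
        self.session_table[serviced_sid] = servicing_sid
        self.session_table[servicing_sid] = serviced_sid
        return servicing_sid

    def relay(self, sid: str, payload: bytes) -> Optional[str]:
        """S54/S55: find the peer session of the session a packet arrived on and
        forward the packet over it. Packets on unknown sessions are dropped."""
        peer = self.session_table.get(sid)
        if peer is None:
            return None
        self.sent.append((peer, payload))
        return peer
```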

[0175] Although, in the above embodiment, the TCP/IP protocol is used to transmit packets for remote maintenance/operation, this is not restrictive and any other protocol may be used. Moreover, the intracompany networks of a contract user company and a service providing company need not necessarily be interconnected by the Internet and may be interconnected by any network that is provided by a common carrier. Furthermore, the present invention is applicable not only to remote maintenance/operation but also to remote operation in general.

[0176] According to the present invention, a remote operation service receiving client and a remote operation service providing company can perform remote operation by the use of units connected to their respective intracompany networks with their respective firewalls installed for an external network. Therefore, existing intracompany networks can be used as they are to implement a safe, inexpensive remote operation service system.

[0177] A serviced unit is equipped with a security check feature which prevents the execution of remote operations other than those specified in a contract, thus ensuring security. Also, a service providing company is equipped with a security check feature which, after a connection has been set up with the serviced unit of a contract user, checks packets sent over the connection for the presence of user validation information indicating a contract user, thus protecting the servicing unit from unfair access.

What is claimed is:
 1. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network and a serviced unit connected to a second internal network in which a second firewall is installed for said external network, wherein said servicing unit performs a remote operation on said serviced unit through said external network, said serviced unit comprising: packet communications means for transmitting an identifier specifying the address of said servicing unit connected to said first internal network, setting up a connection with said servicing unit via said second firewall and said first firewall, and transmitting packets to or from said servicing unit over said connection; and remote operation execution means for fetching remote operation directive information from packets received by said packet communications means and performing a remote operation on said serviced unit as indicated by said remote operation directive information.
 2. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network and a serviced unit connected to a second internal network in which a second firewall is installed for said external network, wherein said servicing unit performs a remote operation on said serviced unit through said external network, said serviced unit comprising: packet communications means for setting up a connection with said first firewall via said second firewall and transmitting packets to or from said first firewall over said connection; security check means for checking remote operation directive information contained in packets received by said packet communications means for validity; remote operation execution means for performing a remote operation on said serviced unit as indicated by said remote operation directive information which has been validated by said security check means; and execution result return means for returning the result of execution of said remote operation by said remote operation execution means to said first firewall through said packet communications means.
 3. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for the Internet and a serviced unit connected to a second internal network in which a second firewall is installed for the Internet, wherein said servicing unit performs a remote operation on said serviced unit through said Internet, said serviced unit comprising: packet communications means for transmitting an identifier specifying the address of said servicing unit connected to said first internal network, setting up a connection with said servicing unit via said second firewall and said first firewall, and transmitting packets to or from said servicing unit over said connection; and remote operation execution means for fetching remote operation directive information from packets received by said packet communications means and performing a remote operation on said serviced unit as indicated by said remote operation directive information.
 4. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for the Internet and a serviced unit connected to a second internal network in which a second firewall is installed for said Internet, wherein said servicing unit performs a remote operation on said serviced unit through said Internet, said serviced unit comprising: packet communications means for setting up a connection with said first firewall via said second firewall and transmitting packets to or from said first firewall over said connection; security check means for checking remote operation directive information contained in packets received by said packet communications means for validity; remote operation execution means for performing a remote operation on said serviced unit as indicated by said remote operation directive information which has been validated by said security check means; and execution result return means for returning the result of execution of said remote operation by said remote operation execution means to said first firewall through said packet communications means.
 5. A central unit which functions as a second firewall against access to a servicing unit via an external network by a serviced unit connected to a first internal network in which a first firewall is installed for said external network, comprising: first packet communications means for setting up a first connection with said serviced unit via said first firewall and said external network and transmitting packets to or from said serviced unit over said first connection; security check means for determining whether or not packets received by said packet communications means after said first connection has been set up are packets transmitted from a serviced unit of a contract user; and second packet communications means for, when the determination by said security check means is that said packets are packets from said serviced unit of a contract user, setting up a second connection with said servicing unit via a second internal network connected to said central unit and transmitting packets to or from said servicing unit connected to said second internal network over said second connection.
 6. The central unit according to claim 5, further comprising: a database into which contract user validation information has been entered, and wherein said security check means checks received packets as to whether said received packets contain said user validation information in said database, thereby determining whether or not said received packets are packets from a contract user.
 7. The central unit according to claim 5, further comprising: a database into which servicing unit identification information used to set up said second connection has been entered, and wherein said second packet communications means retrieves servicing unit identification information corresponding to identification information in packets received by said first packet communications means from said database and sets up said second connection using said servicing unit identification information.
 8. A central unit which functions as a second firewall against access to a servicing unit via the Internet by a serviced unit connected to a first internal network in which a first firewall is installed for said Internet, comprising: first packet communications means for setting up a first connection with said serviced unit via said first firewall and said Internet and transmitting packets to or from said serviced unit over said first connection; security check means for determining whether or not packets received by said packet communications means after said first connection has been set up are packets transmitted from a serviced unit of a contract user; and second packet communications means for, when the determination by said security check means is that said packets are packets from said serviced unit of a contract user, setting up a second connection with said servicing unit via a second internal network connected to said central unit and transmitting packets to or from said servicing unit connected to said second internal network over said second connection.
 9. The central unit according to claim 8, further comprising: a database into which contract user validation information has been entered, and wherein said security check means checks received packets as to whether said received packets contain said user validation information entered in said database, thereby determining whether or not said received packets are packets from a contract user.
 10. The central unit according to claim 8, further comprising: a database into which IP addresses of servicing units used to set up said second connection have been entered, and wherein said second packet communications means retrieves an IP address corresponding to service identification information in packets received by said first packet communications means from said database and sets up said second connection using said IP address.
 11. A remote operation system which is provided with a serviced unit connected to a first internal network in which a first firewall is installed for an external network and a servicing unit connected to a second internal network in which a second firewall is installed for said external network for providing remote operation services to said serviced unit, said servicing unit comprising: packet communications means for setting up a connection with said second firewall and transmitting packets to or from said serviced unit over said connection; and remote operation execution means for producing packets containing a command to perform a remote operation on said serviced unit and transmitting said packets to said second firewall via said packet communications means.
 12. The servicing unit according to claim 11, wherein said remote operation execution means sets up said command according to remote operation directive information contained in packets received by said packet communications means from said serviced unit.
 13. A remote operation system which is provided with a serviced unit connected to a first internal network in which a first firewall is installed for the Internet and a servicing unit connected to a second internal network in which a second firewall is installed for said Internet for providing remote operation services to said serviced unit, said servicing unit comprising: packet communications means for setting up a connection with said second firewall and transmitting data-containing packets to or from said serviced unit over said connection; and remote operation execution means for fetching remote operation directive information set up by said serviced unit from packets received by said packet communications means, producing packets containing a command to perform a remote operation indicated by said directive information and transmitting said packets to said second firewall.
 14. The servicing unit according to claim 13, wherein said remote operation execution means fetches the result of execution of said remote operation specified by said serviced unit from packets received by said packet communications means and outputs said result of execution to the outside.
 15. A remote operation service system in which first and second internal networks are connected to an external network by first and second firewalls which are respectively installed in said first and second networks, and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said serviced unit including: means for setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall installed for said first internal network; and means for transmitting packets containing data for a remote operation to or from said servicing unit over said first connection, said second firewall including: means for, after said first connection has been set up with said serviced unit, setting up a second connection with said servicing unit via said second internal network; and means for relaying packets between said serviced unit and said servicing unit using said first and second connections, and said servicing unit including: means for providing remote operation services to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.
 16. The system according to claim 15, wherein said second firewall includes validation means for determining whether or not said serviced unit belongs to a contract user on the basis of the contents of data contained in packets transmitted by said serviced unit over said first connection.
 17. The system according to claim 15, wherein said serviced unit includes validation means for, when receiving a packet from said second firewall, which packet was transmitted from said servicing unit over said first connection, checking a command for remote operation in said packet for its validity.
 18. A remote operation service system in which first and second internal networks are connected to the Internet by first and second firewalls which are respectively installed in said first and second networks, and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said serviced unit including: means for setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall installed for said first internal network; and means for transmitting packets containing data for a remote operation to or from said servicing unit over said first connection, said second firewall including: means for, after said first connection has been set up with said serviced unit, setting up a second connection with said servicing unit via said second internal network; and means for relaying packets between said serviced unit and said servicing unit using said first and second connections, and said servicing unit including: means for providing remote operation services to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.
 19. The system according to claim 18, wherein said second firewall includes validation means for determining whether or not said serviced unit belongs to a contract user on the basis of the contents of data contained in packets transmitted by said serviced unit over said first connection.
 20. The system according to claim 18, wherein said serviced unit includes validation means for, when receiving a packet from said second firewall, which packet was transmitted from said servicing unit over said first connection, checking a command for remote operation in said packet for its validity.
 21. A remote operation service providing method in a remote operation service system in which first and second internal networks are connected to an external network by first and second firewalls which are respectively installed in said first and second networks and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said remote operation service providing method comprising the steps of: in said serviced unit, setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall installed for said first internal network; in said serviced unit, transmitting packets containing data for performing a remote operation to or from said servicing unit connected to said second internal network over said first connection; in said second firewall, setting up a second connection with said servicing unit via said second internal network after said first connection has been set up with said serviced unit; in said second firewall, relaying packets between said serviced unit and said servicing unit over said first and second connections; and in said servicing unit, providing a remote operation service to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.
 22. A unit to be serviced which is connected to a first internal network in which a first firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a second internal network in which a second firewall is installed for the external network, comprising: packet communications means for transmitting an identifier specifying an address of the servicing unit connected to the second internal network, establishing a connection to the servicing unit through the first and second firewalls, and transmitting a packet to and from the servicing unit through the connection; and remote operation execution means for retrieving remote operation directive information from the packet received by said packet communications means, and performing a remote operation on the unit to be serviced.
 23. The unit to be serviced according to claim 22, wherein said external network is the Internet.
 24. A unit to be serviced which is connected to a first internal network in which a first firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a second internal network in which a second firewall is installed for the external network, comprising: packet communications means for establishing a connection to the second firewall through the first firewall, and transmitting a packet to and from the second firewall through the connection; security check means for checking security of remote operation directive information stored in the packet received by said packet communications means; remote operation execution means for performing a remote operation on the unit to be serviced according to the remote operation directive information whose security is checked by said security check means; and execution result return means for returning an execution result of the remote operation performed by said remote operation execution means to the second firewall through said packet communications means.
 25. The unit to be serviced according to claim 24, wherein said external network is the Internet.
 26. A servicing unit which is connected to a second internal network in which a second firewall is installed for an external network and provides a remote operation service for a unit to be serviced connected to a first internal network in which a first firewall is installed for the external network, comprising: packet communications means for establishing a connection to the second firewall, and transmitting a packet storing data to be transmitted to and from the unit to be serviced through the connection; and remote operation execution means for generating the packet in which a command to perform a remote operation on the unit to be serviced is set, and transmitting the packet to the second firewall through said packet communications means.
 27. The servicing unit according to claim 26, wherein said remote operation execution means sets the command according to the remote operation directive information which is stored in the packet received from the unit to be serviced through said packet communications means.
 28. The servicing unit according to claim 26, wherein said external network is the Internet.
 29. A remote operation method for use with a unit to be serviced which is connected to a second internal network in which a second firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of: establishing a connection to the servicing unit through the second and first firewalls after transmitting an identifier specifying an address of the servicing unit connected to the first internal network; transmitting a packet to and from the servicing unit through the connection; and retrieving remote operation directive information from the received packet and performing a remote operation on the unit to be serviced.
 30. A remote operation method for use with a servicing unit, connected to a second internal network in which a second firewall is installed for an external network, for providing a remote operation service for a unit to be serviced which is connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of: establishing a connection to the second firewall; transmitting a packet storing data to be transmitted to and from the unit to be serviced through the connection; generating a packet in which a command to perform a remote operation on the unit to be serviced is set; and transmitting the packet to the second firewall through the connection.
 31. A remote operation method for use with a unit to be serviced which is connected to a second internal network in which a second firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of: establishing a connection to the first firewall through the second firewall; transmitting a packet to and from the first firewall through the connection; checking security of remote operation directive information stored in a received packet; performing a remote operation on the unit to be serviced according to the remote operation directive information whose security is checked; and transmitting an execution result of the remote operation to the first firewall through the connection.
 32. A security check method for use with a center device functioning as a second firewall in response to access through an external network to a servicing unit by a unit to be serviced which is connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of: establishing a first connection to the unit to be serviced through the first firewall and the external network; transmitting a packet to and from the unit to be serviced through the first connection; checking, after establishing the first connection, whether or not a received packet is transmitted from the unit to be serviced of a subscriber; establishing a second connection to the servicing unit through an internal network when it is determined as a result of the checking that the received packet is transmitted from the unit to be serviced of the subscriber; and transmitting the packet to and from the servicing unit connected to the internal network through the second connection.